ENFORCING SERVICE POLICIES IN EMBEDDED UICCs

US 20160057624A1
Filed: 08/20/2015
Published: 02/25/2016
Est. Priority Date: 08/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method for implementing a subsidy lock on a mobile device, the method comprising:

at an embedded Universal Integrated Circuit Card (eUICC) included in the mobile device;

receiving a request to install or enable an electronic Subscriber Identity Module (eSIM) on the eUICC;

determining, based on a policy enforced by the eUICC, whether an International Mobile Subscriber Identity (IMSI) associated with the eSIM is valid;

when the eSIM is valid;

installing or enabling the eSIM on the eUICC; and

when the eSIM is not valid;

preventing the eSIM from being installed or enabled on the eUICC.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.

34 Citations

View as Search Results

20 Claims

1. A method for implementing a subsidy lock on a mobile device, the method comprising:
- at an embedded Universal Integrated Circuit Card (eUICC) included in the mobile device;
  
  receiving a request to install or enable an electronic Subscriber Identity Module (eSIM) on the eUICC;
  
  determining, based on a policy enforced by the eUICC, whether an International Mobile Subscriber Identity (IMSI) associated with the eSIM is valid;
  
  when the eSIM is valid;
  
  installing or enabling the eSIM on the eUICC; and
  
  when the eSIM is not valid;
  
  preventing the eSIM from being installed or enabled on the eUICC.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein determining whether the IMSI associated with the eSIM is valid comprises comparing the IMSI to a list of IMSIs defined by the policy.
  - 3. The method of claim 2, wherein the list of IMSIs includes at least one of a complete IMSI or a partial IMSI that defines wildcard values.
  - 4. The method of claim 1, wherein preventing the eSIM from being enabled on the eUICC comprises updating a lock state associated with the eSIM.

5. A method for implementing a subsidy lock on a mobile device, the method comprising:
- at an embedded Universal Integrated Circuit Card (eUICC) included in the mobile device;
  
  receiving a request to install or enable an electronic Subscriber Identity Module on the eUICC;
  
  identifying, based on a policy enforced by the eUICC, whether a combination of a Mobile Country Code (MCC) and a Mobile Network Code (MNC) included in an International Mobile Subscriber Identity (IMSI) associated with the eSIM is valid;
  
  when the combination is valid;
  
  installing or enabling the eSIM on the eUICC; and
  
  when the combination is not valid;
  
  preventing the eSIM from being installed or enabled on the eUICC.
- View Dependent Claims (6)
- - 6. The method of claim 5, wherein preventing the eSIM from being installed or enabled further comprises placing the mobile device into a mode that permits placing emergency phone calls.

7. A method for implementing a subsidy lock on a mobile device, the method comprising:
- at a baseband component included in the mobile device;
  
  receiving, from an embedded Universal Integrated Circuit Card (eUICC) included in the mobile device, a request to register with a Mobile Network Operator (MNO) using an electronic Subscriber Identity Module (eSIM) managed by the eUICC;
  
  generating an encryption challenge;
  
  issuing, to the eUICC, a request for a digitally-signed package that includes;
  
  the encryption challenge, anda Mobile Country Code (MCC) and a Mobile Network Code (MNC) included in an International Mobile Subscriber Identity (IMSI) that is associated with the eSIM;
  
  attempting to authenticate the digitally-signed package based on a digital certificate that is accessible to the baseband component;
  
  when the digitally-signed package is authenticated;
  
  registering with the MNO in accordance with the eSIM; and
  
  when the digitally-signed package is not authenticated;
  
  ignoring the request to register with the MNO.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein the encryption challenge comprises a randomly-generated number.
  - 9. The method of claim 7, wherein ignoring the request to register with the MNO further comprises displaying an indication that the eSIM is not authentic.

10. A method for ensuring at least one electronic Subscriber Identity Module (eSIM) is enabled on an embedded Universal Integrated Circuit Card (eUICC), the method comprising:
- at the eUICC;
  
  receiving a request to delete or disable an electronic Subscriber Identity Module on the eUICC;
  
  when the eUICC manages only the eSIM, and no other eSIMs;
  
  preventing the deletion or disablement of the eSIM; and
  
  when only one eSIM is enabled within the eUICC, and at least one other eSIM is managed by the eUICC;
  
  enabling the at least one other eSIM, andbased on the request, deleting or disabling the eSIM.
- View Dependent Claims (11)
- - 11. The method of claim 10, wherein enabling the at least one other eSIM, and, based on the request, deleting or disabling the eSIM, are carried out in response to a switch command.

12. A method for controlling a manner in which electronic Subscriber Identity Modules (eSIMs) are managed by an embedded Universal Integrated Circuit Card (eUICC), the method comprising:
- at the eUICC;
  
  receiving a request to delete or disable an electronic Subscriber Identity Module on the eUICC, wherein the request includes management credentials that are associated with the eSIM;
  
  determining whether the management credentials permit the deletion or disablement of the eSIM;
  
  when the management credentials permit the deletion or disablement of the eSIM;
  
  based on the request, deleting or disabling the eSIM; and
  
  when the management credentials do not permit the deletion or disablement of the eSIM;
  
  ignoring the request.
- View Dependent Claims (13)
- - 13. The method of claim 12, wherein the management credentials set forth eSIM-specific access rights.

14. A method for configuring an embedded Universal Integrated Circuit Card (eUICC) included in a mobile device to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication, the method comprising:
- at the eUICC;
  
  receiving a request to perform a management operation in association with an eSIM;
  
  determining that a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation;
  
  causing the mobile device to provide a prompt in accordance with the human-based authentication;
  
  receiving a response to the prompt for the human-based authentication; and
  
  in accordance with the response;
  
  performing the management operation or ignoring the request.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the policy is specific to the eUICC, and the policy is stored in and managed by the eUICC.
  - 16. The method of claim 14, wherein the policy is specific to a Mobile Network Operator (MNO).
  - 17. The method of claim 16, wherein the policy is stored in and managed by the eUICC.
  - 18. The method of claim 16, wherein the policy is defined by properties of the eSIM.
  - 19. The method of claim 14, wherein the management operation includes importing the eSIM into the eUICC, exporting the eSIM from the eUICC, enabling the eSIM within the eUICC, disabling the eSIM within the eUICC, installing the eSIM to the eUICC, uninstalling the eSIM from the eUICC, loading the eSIM into the eUICC, unloading the eSIM from the eUICC, swapping the eSIM with another eSIM within the eUICC, and deleting the eSIM from the eUICC.
  - 20. The method of claim 14, wherein the human-based authentication comprises a biometric authentication of a user of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
LI, Li, HAUCK, Jerrold Von, YANG, Xiangying

Granted Patent

US 9,942,755 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 2209/80   Wireless network architectu...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

ENFORCING SERVICE POLICIES IN EMBEDDED UICCs

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

ENFORCING SERVICE POLICIES IN EMBEDDED UICCs

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others